radicale_ynh/conf/rights

# Rights are based on a regex-based file whose name is specified in the config (section "right", key "file").
#
# Authentication login is matched against the "user" key, and collection's path is matched against the "collection" key. You can use Python's ConfigParser interpolation values %(login)s and %(path)s. You can also get groups from the user regex in the collection with {0}, {1}, etc.
#
# For example, for the "user" key, ".+" means "authenticated user" and ".*" means "anybody" (including anonymous users).
#
# Section names are only used for naming the rule.
#
# Leading or ending slashes are trimmed from collection's path.

# User can read the root of all collection. And discovers your collection.
[user-read-root-collection]
user: .+
collection: ^/
permission: r

# Give read and write access to owners
[owner-read-write]
user: .+
collection: ^%(login)s|^%(login)s/.*
permission: rw


### EXAMPLES:

## Allow authenticated user to read all collections
# [allow-everyone-read]
# user: .+
# collection: .*
# permission: r

## This means all users starting with "admin" may read any collection
# [admin]
# user: ^admin.*$
# collection: .*
# permission: r

## A little more complex: give read access to users from a domain for all
# collections of all the users (ie. user@domain.tld can read domain/\*).
# [domain-wide-access]
# user: ^.+@(.+)\..+$
# collection: ^{0}/.+$
# permission: r

## This means all users may read and write any collection starting with public.
# [public]
# user: .*
# collection: ^public(/.+)?$
# permission: rw

## Partage public en lecture seule d'un agenda
# [public for readonly]
# user: .*
# collection: ^utilisateur/nom_calendrier.ics$
# permission: r

## Partage public en lecture/écriture d'un agenda
# [public for read/write]
# user: .*
# collection: ^utilisateur/nom_calendrier.ics$
# permission: rw

# [user1 can read and write user2/shared2]
# user: ^user1$
# collection: ^user2/shared2.ics$
# permission: rw
Reprise du package 2016-04-07 00:00:41 +02:00			`# Rights are based on a regex-based file whose name is specified in the config (section "right", key "file").`
			`#`
			`# Authentication login is matched against the "user" key, and collection's path is matched against the "collection" key. You can use Python's ConfigParser interpolation values %(login)s and %(path)s. You can also get groups from the user regex in the collection with {0}, {1}, etc.`
			`#`
			`# For example, for the "user" key, ".+" means "authenticated user" and ".*" means "anybody" (including anonymous users).`
			`#`
			`# Section names are only used for naming the rule.`
			`#`
			`# Leading or ending slashes are trimmed from collection's path.`

post_user_delete + corrections 2016-04-12 14:56:23 +02:00			`# User can read the root of all collection. And discovers your collection.`
			`[user-read-root-collection]`
Corrections 2016-04-12 13:15:39 +02:00			`user: .+`
post_user_delete + corrections 2016-04-12 14:56:23 +02:00			`collection: ^/`
Reprise du package 2016-04-07 00:00:41 +02:00			`permission: r`

post_user_delete + corrections 2016-04-12 14:56:23 +02:00			`# Give read and write access to owners`
			`[owner-read-write]`
Corrections 2016-04-12 13:15:39 +02:00			`user: .+`
post_user_delete + corrections 2016-04-12 14:56:23 +02:00			`collection: ^%(login)s\|^%(login)s/.*`
Reprise du package 2016-04-07 00:00:41 +02:00			`permission: rw`

Corrections 2016-04-12 13:15:39 +02:00

			`### EXAMPLES:`

post_user_delete + corrections 2016-04-12 14:56:23 +02:00			`## Allow authenticated user to read all collections`
			`# [allow-everyone-read]`
			`# user: .+`
			`# collection: .*`
			`# permission: r`

Corrections 2016-04-12 13:15:39 +02:00			`## This means all users starting with "admin" may read any collection`
			`# [admin]`
			`# user: ^admin.*$`
			`# collection: .*`
			`# permission: r`

			`## A little more complex: give read access to users from a domain for all`
Reprise du package 2016-04-07 00:00:41 +02:00			`# collections of all the users (ie. user@domain.tld can read domain/\*).`
			`# [domain-wide-access]`
			`# user: ^.+@(.+)\..+$`
			`# collection: ^{0}/.+$`
			`# permission: r`

Corrections 2016-04-12 13:15:39 +02:00			`## This means all users may read and write any collection starting with public.`
			`# [public]`
			`# user: .*`
			`# collection: ^public(/.+)?$`
			`# permission: rw`
Reprise du package 2016-04-07 00:00:41 +02:00
Corrections 2016-04-12 13:15:39 +02:00			`## Partage public en lecture seule d'un agenda`
			`# [public for readonly]`
			`# user: .*`
post_user_delete + corrections 2016-04-12 14:56:23 +02:00			`# collection: ^utilisateur/nom_calendrier.ics$`
Corrections 2016-04-12 13:15:39 +02:00			`# permission: r`

			`## Partage public en lecture/écriture d'un agenda`
			`# [public for read/write]`
			`# user: .*`
post_user_delete + corrections 2016-04-12 14:56:23 +02:00			`# collection: ^utilisateur/nom_calendrier.ics$`
Corrections 2016-04-12 13:15:39 +02:00			`# permission: rw`

			`# [user1 can read and write user2/shared2]`
			`# user: ^user1$`
post_user_delete + corrections 2016-04-12 14:56:23 +02:00			`# collection: ^user2/shared2.ics$`
Corrections 2016-04-12 13:15:39 +02:00			`# permission: rw`